@schemavaults/auth-server-sdk 0.17.9 → 0.17.20

package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.d.ts

@@ -1,12 +1,9 @@
 import type { JWKS } from "@schemavaults/jwt";
 import type { IJsonWebKeySetsStore } from "./JsonWebKeySetsStore";
 import type { IJwtKeyManager } from "./IJwtKeyManager";
-import type { IDatabaseResourceGroup } from "../DatabaseResourceGroup";
-export declare class DatabaseConnectedJwtKeyManager implements IJwtKeyManager, IDatabaseResourceGroup {
-    protected readonly store: IJsonWebKeySetsStore & IDatabaseResourceGroup;
-    constructor(store: IJsonWebKeySetsStore & IDatabaseResourceGroup);
+export declare abstract class DatabaseConnectedJwtKeyManager implements IJwtKeyManager {
+    protected readonly store: IJsonWebKeySetsStore;
+    constructor(store: IJsonWebKeySetsStore);
     loadJwks(audienceId: string): Promise<JWKS>;
-    hasBeenInitialized(): Promise<boolean>;
-    performSetupTasks(): Promise<void>;
 }
 export default DatabaseConnectedJwtKeyManager;

package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js

@@ -4,13 +4,11 @@ export class DatabaseConnectedJwtKeyManager {
         this.store = store;
     }
     async loadJwks(audienceId) {
-        return await this.store.getJwks(audienceId);
-    }
-    async hasBeenInitialized() {
-        return await this.store.hasBeenInitialized();
-    }
-    async performSetupTasks() {
-        return await this.store.performSetupTasks();
+        const jwks = await this.store.getJwks(audienceId);
+        if (!("keys" in jwks) || !Array.isArray(jwks.keys)) {
+            throw new TypeError("Expected loaded JWKS to have a 'keys' array property!");
+        }
+        return jwks;
     }
 }
 export default DatabaseConnectedJwtKeyManager;

package/dist/JwtKeyManager/DatabaseConnectedJwtKeyManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"DatabaseConnectedJwtKeyManager.js","sourceRoot":"","sources":["../../src/JwtKeyManager/DatabaseConnectedJwtKeyManager.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,8BAA8B;IAGtB,KAAK,CAAgD;IAExE,YAAmB,KAAoD;QACrE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;IAEM,KAAK,CAAC,kBAAkB;QAC7B,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,iBAAiB;QAC5B,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;IAC9C,CAAC;CACF;AAED,eAAe,8BAA8B,CAAC"}
+{"version":3,"file":"DatabaseConnectedJwtKeyManager.js","sourceRoot":"","sources":["../../src/JwtKeyManager/DatabaseConnectedJwtKeyManager.ts"],"names":[],"mappings":"AAIA,MAAM,OAAgB,8BAA8B;IAC/B,KAAK,CAAuB;IAE/C,YAAmB,KAA2B;QAC5C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,MAAM,IAAI,GAAS,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,SAAS,CACjB,uDAAuD,CACxD,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,eAAe,8BAA8B,CAAC"}

package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.d.ts

@@ -1,16 +1,14 @@
+import { type ApiServerId } from "@schemavaults/app-definitions";
 import type { IJsonWebKeySetsStore } from "./IJsonWebKeySetsStore";
 import { to_public_jwks, type I_JWT_Keys } from "@schemavaults/jwt";
-import type { IDatabaseResourceGroup } from "../../DatabaseResourceGroup";
 type JWKS = Awaited<ReturnType<typeof to_public_jwks>>;
-export declare abstract class AbstractJsonWebKeySetsStore implements IJsonWebKeySetsStore, IDatabaseResourceGroup {
+export declare abstract class AbstractJsonWebKeySetsStore implements IJsonWebKeySetsStore {
     abstract get(audienceId: string, keySetId: string): Promise<I_JWT_Keys | null>;
     abstract has(audienceId: string, keySetId: string): Promise<boolean>;
     abstract storeKeySet(keys: I_JWT_Keys): Promise<void>;
     abstract delete(audienceId: string, keySetId: string): Promise<void>;
     abstract listActiveKeySets(audienceId: string, currentTimestamp?: number): Promise<readonly I_JWT_Keys[]>;
     abstract clearOutdatedKeySets(currentTimestamp?: number): Promise<void>;
-    getJwks(audienceId: string): Promise<JWKS>;
-    abstract hasBeenInitialized(): Promise<boolean>;
-    abstract performSetupTasks(): Promise<void>;
+    getJwks(audienceId: ApiServerId): Promise<JWKS>;
 }
 export default AbstractJsonWebKeySetsStore;

package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js

@@ -1,13 +1,30 @@
-import { apiServerIdSchema } from "@schemavaults/app-definitions";
+import { apiServerIdSchema, } from "@schemavaults/app-definitions";
 import { to_public_jwks } from "@schemavaults/jwt";
 export class AbstractJsonWebKeySetsStore {
     async getJwks(audienceId) {
         if (!apiServerIdSchema.safeParse(audienceId).success) {
             throw new Error("Invalid audience ID to load JWKS for!");
         }
-        const keysets = await this.listActiveKeySets(audienceId);
+        let keysets;
+        try {
+            keysets = await this.listActiveKeySets(audienceId);
+        }
+        catch (e) {
+            console.error(`There was an error listing the active keysets for audience '${audienceId}':`, e);
+            throw new Error(`There was an error listing the active keysets for audience '${audienceId}'`);
+        }
+        if (!Array.isArray(keysets)) {
+            throw new TypeError("Expected result of 'listActiveKeySets' to be an array!");
+        }
+        if (keysets.length === 0) {
+            console.warn(`[AbstractJsonWebKeySetsStore::getJwks(audience_id='${audienceId}')] listActiveKeySets returned an empty array!`);
+        }
         const jwks_promise = to_public_jwks(keysets);
-        return await jwks_promise;
+        const jwks = await jwks_promise;
+        if (!("keys" in jwks) || !Array.isArray(jwks.keys)) {
+            throw new TypeError("Expected loaded JWKS to have a 'keys' array property!");
+        }
+        return jwks;
     }
 }
 export default AbstractJsonWebKeySetsStore;

package/dist/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.js.map

@@ -1 +1 @@
-{"version":3,"file":"AbstractJsonWebKeySetsStore.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAElE,OAAO,EAAE,cAAc,EAAmB,MAAM,mBAAmB,CAAC;AAKpE,MAAM,OAAgB,2BAA2B;IAgBxC,KAAK,CAAC,OAAO,CAAC,UAAkB;QACrC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,OAAO,GACX,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,YAAY,GAAkB,cAAc,CAAC,OAAO,CAAC,CAAC;QAC5D,OAAO,MAAM,YAAY,CAAC;IAC5B,CAAC;CAIF;AAED,eAAe,2BAA2B,CAAC"}
+{"version":3,"file":"AbstractJsonWebKeySetsStore.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/JsonWebKeySetsStore/AbstractJsonWebKeySetsStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,cAAc,EAAmB,MAAM,mBAAmB,CAAC;AAIpE,MAAM,OAAgB,2BAA2B;IAgBxC,KAAK,CAAC,OAAO,CAAC,UAAuB;QAC1C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAA8B,CAAC;QACnC,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,+DAA+D,UAAU,IAAI,EAC7E,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CACb,+DAA+D,UAAU,GAAG,CAC7E,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CACjB,wDAAwD,CACzD,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CACV,sDAAsD,UAAU,gDAAgD,CACjH,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAkB,cAAc,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAS,MAAM,YAAY,CAAC;QACtC,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,SAAS,CACjB,uDAAuD,CACxD,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,eAAe,2BAA2B,CAAC"}

package/dist/JwtKeyManager/JsonWebKeySetsStore/MockJwtKeySetsStore.d.ts

@@ -1,6 +1,6 @@
-import { I_JWT_Keys } from "@schemavaults/jwt";
+import type { I_JWT_Keys } from "@schemavaults/jwt";
 import AbstractJsonWebKeySetsStore from "./AbstractJsonWebKeySetsStore";
-import { IJsonWebKeySetsStore } from "./IJsonWebKeySetsStore";
+import type { IJsonWebKeySetsStore } from "./IJsonWebKeySetsStore";
 export declare class MockJwtKeySetsStore extends AbstractJsonWebKeySetsStore implements IJsonWebKeySetsStore {
     hasBeenInitialized(): Promise<boolean>;
     performSetupTasks(): Promise<void>;

package/dist/JwtKeyManager/JwtDecodingKeysetNotFoundError.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @description Thrown when a JWT keyset with a given 'keyset_id' cannot be found!
+ */
+export declare class JwtDecodingKeysetNotFoundError extends Error {
+    readonly keyset_id: string;
+    constructor(keyset_id: string, message: string);
+}
+export default JwtDecodingKeysetNotFoundError;

package/dist/JwtKeyManager/JwtDecodingKeysetNotFoundError.js

@@ -0,0 +1,20 @@
+// JwtDecodingKeysetNotFoundError.ts
+import isValidUuid from "../is-valid-uuid";
+/**
+ * @description Thrown when a JWT keyset with a given 'keyset_id' cannot be found!
+ */
+export class JwtDecodingKeysetNotFoundError extends Error {
+    keyset_id;
+    constructor(keyset_id, message) {
+        super(message);
+        if (typeof keyset_id !== "string" || !isValidUuid(keyset_id)) {
+            throw new TypeError("Expected first argument to JwtDecodingKeysetNotFoundError to be a 'keyset_id' UUID string");
+        }
+        else if (typeof message !== "string") {
+            throw new TypeError("Expected second argument to JwtDecodingKeysetNotFoundError to be a 'message' string!");
+        }
+        this.keyset_id = keyset_id;
+    }
+}
+export default JwtDecodingKeysetNotFoundError;
+//# sourceMappingURL=JwtDecodingKeysetNotFoundError.js.map

package/dist/JwtKeyManager/JwtDecodingKeysetNotFoundError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtDecodingKeysetNotFoundError.js","sourceRoot":"","sources":["../../src/JwtKeyManager/JwtDecodingKeysetNotFoundError.ts"],"names":[],"mappings":"AAAA,oCAAoC;AAEpC,OAAO,WAAW,MAAM,iBAAiB,CAAC;AAE1C;;GAEG;AACH,MAAM,OAAO,8BAA+B,SAAQ,KAAK;IACvC,SAAS,CAAS;IAElC,YAAmB,SAAiB,EAAE,OAAe;QACnD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,SAAS,CACjB,2FAA2F,CAC5F,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CACjB,sFAAsF,CACvF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;CACF;AAED,eAAe,8BAA8B,CAAC"}

package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.d.ts

@@ -1,11 +1,12 @@
 import type { IJwtKeyManager } from "../../JwtKeyManager/IJwtKeyManager";
 import type { JWKS } from "@schemavaults/jwt";
+import { ApiServerId } from "@schemavaults/app-definitions";
 export interface IRemoteJwtKeyManagerConstructorOpts {
     auth_server_uri?: string;
 }
 export declare class RemoteJwtKeyManager implements IJwtKeyManager {
     private readonly auth_server_uri;
     constructor({ auth_server_uri, }: IRemoteJwtKeyManagerConstructorOpts);
-    loadJwks(audienceId: string): Promise<JWKS>;
+    loadJwks(audienceId: ApiServerId): Promise<JWKS>;
 }
 export default RemoteJwtKeyManager;

package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js

@@ -1,6 +1,7 @@
 import loadRemoteJwks from "./loadRemoteJwks";
 import { apiServerIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
 import getSchemaVaultsAuthServerUri from "../../get-schemavaults-auth-server-uri";
+import loadJwksAccessPrivateKey from "../../env/loadJwksAccessPrivateKey";
 export class RemoteJwtKeyManager {
     auth_server_uri;
     constructor({ auth_server_uri = getSchemaVaultsAuthServerUri(), }) {
@@ -13,8 +14,18 @@ export class RemoteJwtKeyManager {
         if (audienceId === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
             throw new Error(`Auth server doesn't need to load remote JWKS; it already has the keys.`);
         }
+        let jwks_access_private_key;
+        try {
+            jwks_access_private_key = await loadJwksAccessPrivateKey(process.env);
+        }
+        catch (e) {
+            console.error(e);
+            throw new TypeError("Failed to load JWKS access private key from environment variables!");
+        }
         return await loadRemoteJwks({
             auth_server_uri: this.auth_server_uri,
+            api_server_id: audienceId,
+            jwks_access_private_key,
         });
     }
 }

package/dist/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.js.map

@@ -1 +1 @@
-{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAM9E,MAAM,OAAO,mBAAmB;IACb,eAAe,CAAS;IAEzC,YAAmB,EACjB,eAAe,GAAG,4BAA4B,EAAE,GACZ;QACpC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAkB;QACtC,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,8CAA8C,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,cAAc,CAAC;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"RemoteJwtKeyManager.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/RemoteJwtKeyManager.ts"],"names":[],"mappings":"AAEA,OAAO,cAAc,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAEL,iBAAiB,EACjB,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,4BAA4B,MAAM,oCAAoC,CAAC;AAC9E,OAAO,wBAAwB,MAAM,gCAAgC,CAAC;AAMtE,MAAM,OAAO,mBAAmB;IACb,eAAe,CAAS;IAEzC,YAAmB,EACjB,eAAe,GAAG,4BAA4B,EAAE,GACZ;QACpC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,UAAuB;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CACb,8CAA8C,UAAU,GAAG,CAC5D,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QAED,IAAI,uBAAkC,CAAC;QACvC,IAAI,CAAC;YACH,uBAAuB,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,cAAc,CAAC;YAC1B,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,UAAU;YACzB,uBAAuB;SACxB,CAAC,CAAC;IACL,CAAC;CACF;AAED,eAAe,mBAAmB,CAAC"}

package/dist/JwtKeyManager/RemoteJwtKeyManager/jwksEndpoint.d.ts

@@ -0,0 +1,2 @@
+import { type ApiServerId } from "@schemavaults/app-definitions";
+export default function jwksEndpoint<T extends ApiServerId>(api_server_id: T): `/api/jwks/${T}`;

package/dist/JwtKeyManager/RemoteJwtKeyManager/jwksEndpoint.js

@@ -0,0 +1,11 @@
+import { apiServerIdSchema, SCHEMAVAULTS_AUTH_SERVER, } from "@schemavaults/app-definitions";
+export default function jwksEndpoint(api_server_id) {
+    if (!apiServerIdSchema.safeParse(api_server_id).success) {
+        throw new TypeError("Invalid 'api_server_id' to load JWKS endpoint URL for!");
+    }
+    if (api_server_id === SCHEMAVAULTS_AUTH_SERVER.api_server_id) {
+        throw new Error("The auth server does not expose a JWKS endpoint.");
+    }
+    return `/api/jwks/${api_server_id}`;
+}
+//# sourceMappingURL=jwksEndpoint.js.map

package/dist/JwtKeyManager/RemoteJwtKeyManager/jwksEndpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwksEndpoint.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/jwksEndpoint.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,CAAC,OAAO,UAAU,YAAY,CAClC,aAAgB;IAEhB,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,IAAI,SAAS,CACjB,wDAAwD,CACzD,CAAC;IACJ,CAAC;IAED,IAAI,aAAa,KAAK,wBAAwB,CAAC,aAAa,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,aAAa,aAAa,EAAE,CAAC;AACtC,CAAC"}

package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.d.ts

@@ -1,7 +1,9 @@
-import type { JWKS } from "@schemavaults/jwt";
+import { type JWKS } from "@schemavaults/jwt";
+import { type ApiServerId } from "@schemavaults/app-definitions";
 export interface ILoadRemoteJwksOpts {
     auth_server_uri: string;
-    jwks_endpoint?: string;
+    api_server_id: ApiServerId;
+    jwks_access_private_key: CryptoKey;
 }
-export declare function loadRemoteJwks({ auth_server_uri, ...opts }: ILoadRemoteJwksOpts): Promise<JWKS>;
+export declare function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, }: ILoadRemoteJwksOpts): Promise<JWKS>;
 export default loadRemoteJwks;

package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js

@@ -1,21 +1,48 @@
-const DEFAULT_REMOTE_JWKS_ENDPOINT = "/.well-known/jwks.json";
-export async function loadRemoteJwks({ auth_server_uri, ...opts }) {
-    const jwks_endpoint = typeof opts.jwks_endpoint === 'string' ? opts.jwks_endpoint : DEFAULT_REMOTE_JWKS_ENDPOINT;
-    const response = await fetch(`${auth_server_uri}${jwks_endpoint}`, { method: "GET" });
+import { createJwksAccessProofToken } from "@schemavaults/jwt";
+import jwksEndpoint from "./jwksEndpoint";
+import { apiServerIdSchema, } from "@schemavaults/app-definitions";
+export async function loadRemoteJwks({ auth_server_uri, api_server_id, jwks_access_private_key, }) {
+    if (typeof auth_server_uri !== "string") {
+        throw new TypeError("Expected 'auth_server_uri' to be a string!");
+    }
+    else if (!auth_server_uri.startsWith("http://") &&
+        !auth_server_uri.startsWith("https://")) {
+        throw new TypeError("Expected 'auth_server_uri' to start with http:// or https://");
+    }
+    if (!apiServerIdSchema.safeParse(api_server_id).success) {
+        throw new TypeError("Invalid API server ID to load remote JWKS for!");
+    }
+    let jwks_access_proof_token;
+    try {
+        jwks_access_proof_token = await createJwksAccessProofToken({
+            api_server_id,
+            private_key: jwks_access_private_key,
+        });
+    }
+    catch (e) {
+        console.error(e);
+        throw new Error("Failed to create JWKS Access Proof Token!");
+    }
+    const response = await fetch(`${auth_server_uri}${jwksEndpoint(api_server_id)}`, {
+        method: "GET",
+        headers: new Headers({
+            Authorization: `Bearer ${jwks_access_proof_token}`,
+        }),
+    });
     if (!response.ok || response.status !== 200) {
-        throw new Error("Failed to load jwks.json from auth server!");
+        throw new Error(`Failed to load jwks.json from auth server: ${response.status} ${response.statusText}`);
     }
     const body = await response.json();
-    if (typeof body !== 'object' || !body) {
+    if (typeof body !== "object" || !body) {
         throw new TypeError("Expected result of loading jwks.json to be an object!");
     }
-    if (!("keys" in body) || !Array.isArray(body['keys'])) {
+    if (!("keys" in body) || !Array.isArray(body["keys"])) {
         throw new Error("Expected response body of jwks.json to have a 'keys' array field!");
     }
-    if (!body['keys'].every(key => typeof key !== 'object' || !key)) {
+    if (!body["keys"].every((key) => typeof key !== "object" || !key)) {
         throw new Error("Expected every item in 'keys' array to be an object!");
     }
-    const keys = body['keys'];
+    const keys = body["keys"];
     return { keys };
 }
 export default loadRemoteJwks;

package/dist/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.js.map

@@ -1 +1 @@
-{"version":3,"file":"loadRemoteJwks.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.ts"],"names":[],"mappings":"AAOA,MAAM,4BAA4B,GAAG,wBAAkD,CAAC;AAExF,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EAAE,eAAe,EAAE,GAAG,IAAI,EAAuB;IACpF,MAAM,aAAa,GAAG,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B,CAAA;IAChH,MAAM,QAAQ,GAAa,MAAM,KAAK,CACpC,GAAG,eAAe,GAAG,aAAa,EAAE,EACpC,EAAE,MAAM,EAAE,KAAK,EAAE,CAClB,CAAA;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IAC/D,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CAAC,uDAAuD,CAAC,CAAA;IAC9E,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAA;IACtF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;IACzE,CAAC;IACD,MAAM,IAAI,GAAa,IAAI,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED,eAAe,cAAc,CAAC"}
+{"version":3,"file":"loadRemoteJwks.js","sourceRoot":"","sources":["../../../src/JwtKeyManager/RemoteJwtKeyManager/loadRemoteJwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAa,MAAM,mBAAmB,CAAC;AAC1E,OAAO,YAAY,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AAQvC,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EACnC,eAAe,EACf,aAAa,EACb,uBAAuB,GACH;IACpB,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;IACpE,CAAC;SAAM,IACL,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC;QACtC,CAAC,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EACvC,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC;QACxD,MAAM,IAAI,SAAS,CAAC,gDAAgD,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,uBAA+B,CAAC;IACpC,IAAI,CAAC;QACH,uBAAuB,GAAG,MAAM,0BAA0B,CAAC;YACzD,aAAa;YACb,WAAW,EAAE,uBAAuB;SACrC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,QAAQ,GAAa,MAAM,KAAK,CACpC,GAAG,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,EAAE,EAClD;QACE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,IAAI,OAAO,CAAC;YACnB,aAAa,EAAE,UAAU,uBAAuB,EAAE;SACnD,CAAC;KACH,CACF,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,8CAA8C,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACvF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CACjB,uDAAuD,CACxD,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,IAAI,GAAa,IAAI,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED,eAAe,cAAc,CAAC"}

package/dist/JwtKeyManager/index.d.ts

@@ -1,6 +1,7 @@
-export { AbstractJsonWebKeySetsStore } from './JsonWebKeySetsStore';
-export type { IJsonWebKeySetsStore } from './JsonWebKeySetsStore';
+export { AbstractJsonWebKeySetsStore } from "./JsonWebKeySetsStore";
+export type { IJsonWebKeySetsStore } from "./JsonWebKeySetsStore";
 export type { IJwtKeyManager } from "./IJwtKeyManager";
-export { DatabaseConnectedJwtKeyManager } from './DatabaseConnectedJwtKeyManager';
-export { RemoteJwtKeyManager } from './RemoteJwtKeyManager';
-export { loadJwtDecodingKeys, type IDecodeAuthTokenKeys } from './loadJwtDecodingKeys';
+export { DatabaseConnectedJwtKeyManager } from "./DatabaseConnectedJwtKeyManager";
+export { RemoteJwtKeyManager } from "./RemoteJwtKeyManager";
+export { loadJwtDecodingKeys, type IDecodeAuthTokenKeys, } from "./loadJwtDecodingKeys";
+export { JwtDecodingKeysetNotFoundError } from "./JwtDecodingKeysetNotFoundError";

package/dist/JwtKeyManager/index.js

@@ -1,5 +1,6 @@
-export { AbstractJsonWebKeySetsStore } from './JsonWebKeySetsStore';
-export { DatabaseConnectedJwtKeyManager } from './DatabaseConnectedJwtKeyManager';
-export { RemoteJwtKeyManager } from './RemoteJwtKeyManager';
-export { loadJwtDecodingKeys } from './loadJwtDecodingKeys';
+export { AbstractJsonWebKeySetsStore } from "./JsonWebKeySetsStore";
+export { DatabaseConnectedJwtKeyManager } from "./DatabaseConnectedJwtKeyManager";
+export { RemoteJwtKeyManager } from "./RemoteJwtKeyManager";
+export { loadJwtDecodingKeys, } from "./loadJwtDecodingKeys";
+export { JwtDecodingKeysetNotFoundError } from "./JwtDecodingKeysetNotFoundError";
 //# sourceMappingURL=index.js.map

package/dist/JwtKeyManager/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/JwtKeyManager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAKpE,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EAAE,mBAAmB,EAA6B,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/JwtKeyManager/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAKpE,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACL,mBAAmB,GAEpB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC"}

package/dist/JwtKeyManager/loadJwtDecodingKeys.d.ts

@@ -1,7 +1,8 @@
 import type { IJwtKeyManager } from "../JwtKeyManager";
+import { type ApiServerId } from "@schemavaults/app-definitions";
 import { type JWKS } from "@schemavaults/jwt";
 export interface ILoadJwtDecodingKeysOptions {
-    audience_id: string;
+    audience_id: ApiServerId;
     keyset_id: string;
     keys_manager: IJwtKeyManager;
     debug?: boolean;

package/dist/JwtKeyManager/loadJwtDecodingKeys.js

@@ -1,11 +1,13 @@
-import { apiServerIdSchema } from "@schemavaults/app-definitions";
+import isValidUuid from "../is-valid-uuid";
+import { apiServerIdSchema, } from "@schemavaults/app-definitions";
 import { importAsymmetricJWK } from "@schemavaults/jwt";
+import { JwtDecodingKeysetNotFoundError } from "./JwtDecodingKeysetNotFoundError";
 export async function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }, debug = false) {
     if (jwks.keys.length === 0) {
-        throw new Error("JWKS appears to be empty, cannot extract decoding keys from empty set!");
+        throw new JwtDecodingKeysetNotFoundError(keyset_id, "JWKS appears to be empty, cannot extract decoding keys from empty set!");
     }
     if (debug) {
-        console.log(`loadJwtDecodingKeysFromJwks(keyset_id='${keyset_id}', jwks)`);
+        console.log(`loadJwtDecodingKeysFromJwks(keyset_id='${keyset_id}', jwks.keys.length='${jwks.keys.length}')`);
     }
     // Loop over keys in JWKS and find the required keys
     let verification_key = undefined;
@@ -53,16 +55,16 @@ export async function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }, debug =
         .map((k) => `'${k.kid}'`)
         .join(", ");
     if (!verification_key && !decryption_key) {
-        console.error(`Missing both verification and decryption keys for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
-        throw new Error(`Missing both verification and decryption keys for keyset '${keyset_id}'`);
+        console.warn(`Missing both verification and decryption keys for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
+        throw new JwtDecodingKeysetNotFoundError(keyset_id, `Missing both verification and decryption keys for keyset '${keyset_id}'`);
     }
     else if (!verification_key) {
-        console.error(`Missing verification key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
-        throw new Error(`Missing verification key for keyset '${keyset_id}'`);
+        console.warn(`Missing verification key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
+        throw new JwtDecodingKeysetNotFoundError(keyset_id, `Missing verification key for keyset '${keyset_id}'`);
     }
     else if (!decryption_key) {
-        console.error(`Missing decryption key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
-        throw new Error(`Missing decryption key for keyset '${keyset_id}'`);
+        console.warn(`Missing decryption key for keyset '${keyset_id}' from available keys: `, listOfKidsInJwks);
+        throw new JwtDecodingKeysetNotFoundError(keyset_id, `Missing decryption key for keyset '${keyset_id}'`);
     }
     else {
         throw new Error("Error handling missing JWT decoding keys gracefully!");
@@ -71,15 +73,28 @@ export async function loadJwtDecodingKeysFromJwks({ keyset_id, jwks, }, debug =
 export async function loadJwtDecodingKeys({ keys_manager, keyset_id, audience_id, ...opts }) {
     const debug = opts.debug ?? false;
     if (!apiServerIdSchema.safeParse(audience_id).success) {
-        throw new Error(`Invalid audience ID to load JWT decoding keys for: '${audience_id}'`);
+        throw new TypeError(`Invalid audience ID to load JWT decoding keys for: '${audience_id}'`);
+    }
+    else if (!isValidUuid(keyset_id)) {
+        throw new TypeError("Expected 'keyset_id' to be a valid UUID!");
+    }
+    let jwks;
+    try {
+        jwks = await keys_manager.loadJwks(audience_id);
+    }
+    catch (e) {
+        console.error("Failed to load JWKS from key manager: ", e);
+        throw new Error("Failed to load JWKS from key manager!");
     }
-    const jwks = await keys_manager.loadJwks(audience_id);
     if (!jwks ||
         typeof jwks !== "object" ||
         !("keys" in jwks) ||
         !Array.isArray(jwks.keys)) {
         throw new TypeError("Invalid JWKS; not an object or missing 'keys' array!");
     }
+    if (jwks.keys.length === 0) {
+        throw new JwtDecodingKeysetNotFoundError(keyset_id, "Received JWKS from JwtKeyManager but it does not appear to include any keys.");
+    }
     const jwt_decoding_keys = await loadJwtDecodingKeysFromJwks({ keyset_id, jwks }, debug);
     return jwt_decoding_keys;
 }

package/dist/JwtKeyManager/loadJwtDecodingKeys.js.map

@@ -1 +1 @@
-{"version":3,"file":"loadJwtDecodingKeys.js","sourceRoot":"","sources":["../../src/JwtKeyManager/loadJwtDecodingKeys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAa,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAenE,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EACE,SAAS,EACT,IAAI,GAIL,EACD,QAAiB,KAAK;IAEtB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,SAAS,UAAU,CAAC,CAAC;IAC7E,CAAC;IAED,oDAAoD;IACpD,IAAI,gBAAgB,GAA0B,SAAS,CAAC;IACxD,IAAI,cAAc,GAA0B,SAAS,CAAC;IACtD,SAAS,oBAAoB;QAC3B,OAAO,gBAAgB,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;IAC3D,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,GAAG,KAAK,GAAG,SAAS,eAAe,EAAE,CAAC;YACxC,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAClD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,GAAG,SAAS,aAAa,EAAE,CAAC;YAC7C,cAAc,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,cAAc;QAC1B,CAAC;IACH,CAAC;IAED,MAAM,yBAAyB,GAAY,oBAAoB,EAAE,CAAC;IAClE,IAAI,yBAAyB,IAAI,gBAAgB,IAAI,cAAc,EAAE,CAAC;QACpE,OAAO;YACL,SAAS;YACT,gBAAgB;YAChB,cAAc;SACgB,CAAC;IACnC,CAAC;IAED,4DAA4D;IAE5D,MAAM,gBAAgB,GAAW,IAAI,CAAC,IAAI;SACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;SACxB,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,IAAI,CAAC,gBAAgB,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,OAAO,CAAC,KAAK,CACX,6DAA6D,SAAS,yBAAyB,EAC/F,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CACb,6DAA6D,SAAS,GAAG,CAC1E,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7B,OAAO,CAAC,KAAK,CACX,wCAAwC,SAAS,yBAAyB,EAC1E,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,wCAAwC,SAAS,GAAG,CAAC,CAAC;IACxE,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CACX,sCAAsC,SAAS,yBAAyB,EACxE,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,GAAG,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,YAAY,EACZ,SAAS,EACT,WAAW,EACX,GAAG,IAAI,EACqB;IAC5B,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAE3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,uDAAuD,WAAW,GAAG,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAS,MAAM,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,IACE,CAAC,IAAI;QACL,OAAO,IAAI,KAAK,QAAQ;QACxB,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EACzB,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,iBAAiB,GACrB,MAAM,2BAA2B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAEhE,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"loadJwtDecodingKeys.js","sourceRoot":"","sources":["../../src/JwtKeyManager/loadJwtDecodingKeys.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,iBAAiB,CAAC;AAE1C,OAAO,EAEL,iBAAiB,GAClB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAa,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACnE,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAelF,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EACE,SAAS,EACT,IAAI,GAIL,EACD,QAAiB,KAAK;IAEtB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,8BAA8B,CACtC,SAAS,EACT,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,0CAA0C,SAAS,wBAAwB,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAChG,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,gBAAgB,GAA0B,SAAS,CAAC;IACxD,IAAI,cAAc,GAA0B,SAAS,CAAC;IACtD,SAAS,oBAAoB;QAC3B,OAAO,gBAAgB,IAAI,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;IAC3D,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,SAAS,CAAC,4CAA4C,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,GAAG,KAAK,GAAG,SAAS,eAAe,EAAE,CAAC;YACxC,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAClD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,GAAG,SAAS,aAAa,EAAE,CAAC;YAC7C,cAAc,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,oBAAoB,EAAE,EAAE,CAAC;gBAC3B,MAAM,CAAC,qCAAqC;YAC9C,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,cAAc;QAC1B,CAAC;IACH,CAAC;IAED,MAAM,yBAAyB,GAAY,oBAAoB,EAAE,CAAC;IAClE,IAAI,yBAAyB,IAAI,gBAAgB,IAAI,cAAc,EAAE,CAAC;QACpE,OAAO;YACL,SAAS;YACT,gBAAgB;YAChB,cAAc;SACgB,CAAC;IACnC,CAAC;IAED,4DAA4D;IAE5D,MAAM,gBAAgB,GAAW,IAAI,CAAC,IAAI;SACvC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;SACxB,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,IAAI,CAAC,gBAAgB,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,OAAO,CAAC,IAAI,CACV,6DAA6D,SAAS,yBAAyB,EAC/F,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,8BAA8B,CACtC,SAAS,EACT,6DAA6D,SAAS,GAAG,CAC1E,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CACV,wCAAwC,SAAS,yBAAyB,EAC1E,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,8BAA8B,CACtC,SAAS,EACT,wCAAwC,SAAS,GAAG,CACrD,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CACV,sCAAsC,SAAS,yBAAyB,EACxE,gBAAgB,CACjB,CAAC;QACF,MAAM,IAAI,8BAA8B,CACtC,SAAS,EACT,sCAAsC,SAAS,GAAG,CACnD,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EACxC,YAAY,EACZ,SAAS,EACT,WAAW,EACX,GAAG,IAAI,EACqB;IAC5B,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IAE3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,IAAI,SAAS,CACjB,uDAAuD,WAAW,GAAG,CACtE,CAAC;IACJ,CAAC;SAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,SAAS,CAAC,0CAA0C,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,IAAU,CAAC;IACf,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,CAAC,CAAC,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,IACE,CAAC,IAAI;QACL,OAAO,IAAI,KAAK,QAAQ;QACxB,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EACzB,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,sDAAsD,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,8BAA8B,CACtC,SAAS,EACT,8EAA8E,CAC/E,CAAC;IACJ,CAAC;IAED,MAAM,iBAAiB,GACrB,MAAM,2BAA2B,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;IAEhE,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,eAAe,mBAAmB,CAAC"}

package/dist/MaximumBrowserCookieSize.d.ts

@@ -1,3 +1,3 @@
-declare const MaximumBrowserCookieSize = 4096;
+import { MaximumBrowserCookieSize } from "@schemavaults/auth-common";
 export { MaximumBrowserCookieSize };
 export default MaximumBrowserCookieSize;

package/dist/MaximumBrowserCookieSize.js

@@ -1,4 +1,4 @@
-const MaximumBrowserCookieSize = 4096; // 4KB
+import { MaximumBrowserCookieSize } from "@schemavaults/auth-common";
 export { MaximumBrowserCookieSize };
 export default MaximumBrowserCookieSize;
 //# sourceMappingURL=MaximumBrowserCookieSize.js.map

package/dist/MaximumBrowserCookieSize.js.map

@@ -1 +1 @@
-{"version":3,"file":"MaximumBrowserCookieSize.js","sourceRoot":"","sources":["../src/MaximumBrowserCookieSize.ts"],"names":[],"mappings":"AAAA,MAAM,wBAAwB,GAAG,IAAI,CAAC,CAAC,MAAM;AAE7C,OAAO,EAAE,wBAAwB,EAAE,CAAC;AACpC,eAAe,wBAAwB,CAAC"}
+{"version":3,"file":"MaximumBrowserCookieSize.js","sourceRoot":"","sources":["../src/MaximumBrowserCookieSize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AACpC,eAAe,wBAAwB,CAAC"}

package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.d.ts

@@ -0,0 +1,5 @@
+import type { IAuthResourceServerCodegenOptions } from "./codegen";
+export declare class NextjsAppDirectoryPlugin {
+    static codegen(opts?: IAuthResourceServerCodegenOptions): Promise<void>;
+}
+export default NextjsAppDirectoryPlugin;

package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.js

@@ -0,0 +1,8 @@
+export class NextjsAppDirectoryPlugin {
+    static async codegen(opts) {
+        const gen = await import("./codegen").then((m) => m.default);
+        return await gen(opts);
+    }
+}
+export default NextjsAppDirectoryPlugin;
+//# sourceMappingURL=NextjsAppDirectoryPlugin.js.map

package/dist/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextjsAppDirectoryPlugin.js","sourceRoot":"","sources":["../../src/NextjsAppDirectoryPlugin/NextjsAppDirectoryPlugin.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,wBAAwB;IAC5B,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAwC;QAClE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC7D,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;CACF;AAED,eAAe,wBAAwB,CAAC"}

package/dist/NextjsAppDirectoryPlugin/codegen.d.ts

@@ -0,0 +1,4 @@
+export interface IAuthResourceServerCodegenOptions {
+    codegenTemplatesDirectory?: string;
+}
+export default function codegen(opts?: IAuthResourceServerCodegenOptions): Promise<void>;

package/dist/NextjsAppDirectoryPlugin/codegen.js

@@ -0,0 +1,80 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { dirname } from "path";
+import resolveAppDirectory from "./resolve-app-directory";
+import { join } from "path";
+import resolveCodegenTemplatesDirectory from "./resolve-codegen-templates-directory";
+const pagesToCreate = [
+    {
+        app_dir_path: "/auth/login",
+        codegen_template_path: "auth/login/page.tsx",
+    },
+    {
+        app_dir_path: "/auth/register",
+        codegen_template_path: "auth/register/page.tsx",
+    },
+    {
+        app_dir_path: "/auth/logout",
+        codegen_template_path: "auth/logout/page.tsx",
+    },
+    {
+        app_dir_path: "/auth/authorize",
+        codegen_template_path: "auth/authorize/page.tsx",
+    },
+];
+function createClientPages(appDirectory, templatesDir) {
+    for (const page of pagesToCreate) {
+        const destPath = join(appDirectory, page.app_dir_path, "page.tsx");
+        if (existsSync(destPath)) {
+            console.log(` - skipping '${page.app_dir_path}/page.tsx' (already exists)`);
+            continue;
+        }
+        const destDir = dirname(destPath);
+        if (!existsSync(destDir)) {
+            mkdirSync(destDir, { recursive: true });
+        }
+        const templatePath = join(templatesDir, page.codegen_template_path);
+        const templateContent = readFileSync(templatePath, {
+            encoding: "utf-8",
+        });
+        writeFileSync(destPath, templateContent, { encoding: "utf-8" });
+        console.log(` - created '${page.app_dir_path}/page.tsx'`);
+    }
+}
+function createClientAuthProvider(appDirectory, templatesDir) {
+    const srcTemplatePath = join(templatesDir, "auth", "auth-provider.tsx");
+    const destPath = join(appDirectory, "auth", "auth-provider.tsx");
+    if (existsSync(destPath)) {
+        console.log(` - skipping 'auth/auth-provider.tsx' (already exists)`);
+        return;
+    }
+    const destDir = dirname(destPath);
+    if (!existsSync(destDir)) {
+        mkdirSync(destDir, { recursive: true });
+    }
+    const templateContent = readFileSync(srcTemplatePath, {
+        encoding: "utf-8",
+    });
+    writeFileSync(destPath, templateContent, { encoding: "utf-8" });
+    console.log(` - created 'auth/auth-provider.tsx'`);
+}
+export default async function codegen(opts) {
+    console.log(`[@schemavaults/auth-server-sdk/NextjsAppDirectoryPlugin] Running codegen:`);
+    const appDirectory = resolveAppDirectory();
+    console.log(` - resolved /app directory at '${appDirectory}'`);
+    const authDirectory = join(appDirectory, "auth");
+    if (!existsSync(authDirectory)) {
+        mkdirSync(authDirectory);
+        console.log(` - created /auth directory at '${authDirectory}'`);
+    }
+    else {
+        console.log(` - /auth directory already exists at '${authDirectory}'`);
+    }
+    const templatesDir = typeof opts?.codegenTemplatesDirectory === "string"
+        ? opts.codegenTemplatesDirectory
+        : resolveCodegenTemplatesDirectory();
+    console.log(` - resolved codegen templates directory at '${templatesDir}'`);
+    createClientPages(appDirectory, templatesDir);
+    createClientAuthProvider(appDirectory, templatesDir);
+    console.log(`[@schemavaults/auth-server-sdk/NextjsAppDirectoryPlugin] Codegen complete.`);
+}
+//# sourceMappingURL=codegen.js.map

package/dist/NextjsAppDirectoryPlugin/codegen.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codegen.js","sourceRoot":"","sources":["../../src/NextjsAppDirectoryPlugin/codegen.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,mBAAmB,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,gCAAgC,MAAM,uCAAuC,CAAC;AAWrF,MAAM,aAAa,GAAiC;IAClD;QACE,YAAY,EAAE,aAAa;QAC3B,qBAAqB,EAAE,qBAAqB;KAC7C;IACD;QACE,YAAY,EAAE,gBAAgB;QAC9B,qBAAqB,EAAE,wBAAwB;KAChD;IACD;QACE,YAAY,EAAE,cAAc;QAC5B,qBAAqB,EAAE,sBAAsB;KAC9C;IACD;QACE,YAAY,EAAE,iBAAiB;QAC/B,qBAAqB,EAAE,yBAAyB;KACjD;CACF,CAAC;AAEF,SAAS,iBAAiB,CAAC,YAAoB,EAAE,YAAoB;IACnE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAW,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;QAC3E,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CACT,gBAAgB,IAAI,CAAC,YAAY,6BAA6B,CAC/D,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAW,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,YAAY,GAAW,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC5E,MAAM,eAAe,GAAW,YAAY,CAAC,YAAY,EAAE;YACzD,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,YAAY,YAAY,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,YAAoB,EAAE,YAAoB;IAC1E,MAAM,eAAe,GAAW,IAAI,CAClC,YAAY,EACZ,MAAM,EACN,mBAAmB,CACpB,CAAC;IACF,MAAM,QAAQ,GAAW,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC;IACzE,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,eAAe,GAAW,YAAY,CAAC,eAAe,EAAE;QAC5D,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC;IACH,aAAa,CAAC,QAAQ,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,OAAO,CACnC,IAAwC;IAExC,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;IAEF,MAAM,YAAY,GAAW,mBAAmB,EAAE,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,kCAAkC,YAAY,GAAG,CAAC,CAAC;IAC/D,MAAM,aAAa,GAAW,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,SAAS,CAAC,aAAa,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,kCAAkC,aAAa,GAAG,CAAC,CAAC;IAClE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,yCAAyC,aAAa,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,YAAY,GAChB,OAAO,IAAI,EAAE,yBAAyB,KAAK,QAAQ;QACjD,CAAC,CAAC,IAAI,CAAC,yBAAyB;QAChC,CAAC,CAAC,gCAAgC,EAAE,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,+CAA+C,YAAY,GAAG,CAAC,CAAC;IAE5E,iBAAiB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC9C,wBAAwB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CACT,4EAA4E,CAC7E,CAAC;AACJ,CAAC"}

package/dist/NextjsAppDirectoryPlugin/index.d.ts

@@ -0,0 +1,2 @@
+export { NextjsAppDirectoryPlugin, NextjsAppDirectoryPlugin as default, } from "./NextjsAppDirectoryPlugin";
+export type { IAuthResourceServerCodegenOptions } from "./codegen";

package/dist/NextjsAppDirectoryPlugin/index.js

@@ -0,0 +1,2 @@
+export { NextjsAppDirectoryPlugin, NextjsAppDirectoryPlugin as default, } from "./NextjsAppDirectoryPlugin";
+//# sourceMappingURL=index.js.map

package/dist/NextjsAppDirectoryPlugin/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/NextjsAppDirectoryPlugin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,EACxB,wBAAwB,IAAI,OAAO,GACpC,MAAM,4BAA4B,CAAC"}

package/dist/NextjsAppDirectoryPlugin/resolve-app-directory.d.ts

@@ -0,0 +1 @@
+export default function resolveAppDirectory(): string;